curl up to 8.0.1 SSH SHA256 Fingerprint use after free

Summaryinfo

A vulnerability, which was classified as critical, has been found in curl. Affected by this vulnerability is an unknown functionality of the component SSH SHA256 Fingerprint Handler. Performing a manipulation results in use after free. This vulnerability is identified as CVE-2023-28319. The attack can be initiated remotely. There is not any exploit available. It is advisable to upgrade the affected component.

Detailsinfo

A vulnerability, which was classified as critical, was found in curl (Network Utility Software). This affects an unknown functionality of the component SSH SHA256 Fingerprint Handler. The manipulation with an unknown input leads to a use after free vulnerability. CWE is classifying the issue as CWE-416. Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code. This is going to have an impact on confidentiality, integrity, and availability.

The weakness was released 05/17/2023. It is possible to read the advisory at bugzilla.redhat.com. This vulnerability is uniquely identified as CVE-2023-28319 since 03/14/2023. The technical details are unknown and an exploit is not publicly available.

Upgrading to version 8.1.0 eliminates this vulnerability.

The vulnerability is also documented in the vulnerability database at EUVD (EUVD-2023-32026). Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Productinfo

Type

• Network Utility Software

Name

• curl

Version

• 2.3.2
• 6.0
• 6.1
• 6.1beta
• 6.3
• 6.4
• 6.5
• 6.5.1
• 6.5.2
• 7.1
• 7.1.1
• 7.2
• 7.2.1
• 7.3
• 7.4
• 7.4.1
• 7.4.2
• 7.5
• 7.5.1
• 7.5.2
• 7.6
• 7.6.1
• 7.7
• 7.7.1
• 7.7.2
• 7.7.3
• 7.8
• 7.8.1
• 7.9
• 7.9.1
• 7.9.2
• 7.9.3
• 7.9.4
• 7.9.5
• 7.9.6
• 7.9.7
• 7.9.8
• 7.10
• 7.10.1
• 7.10.2
• 7.10.3
• 7.10.4
• 7.10.5
• 7.10.6
• 7.10.7
• 7.10.8
• 7.11.0
• 7.11.1
• 7.11.2
• 7.12
• 7.12.0
• 7.12.1
• 7.12.2
• 7.12.3
• 7.13
• 7.13.0
• 7.13.1
• 7.13.2
• 7.14
• 7.14.0
• 7.14.1
• 7.15
• 7.15.0
• 7.15.1
• 7.15.2
• 7.15.3
• 7.15.4
• 7.15.5
• 7.16.0
• 7.16.1
• 7.16.2
• 7.16.3
• 7.16.4
• 7.17.0
• 7.17.1
• 7.18.0
• 7.18.1
• 7.18.2
• 7.19.0
• 7.19.1
• 7.19.2
• 7.19.3
• 7.19.4
• 7.19.5
• 7.19.6
• 7.19.7
• 7.20.0
• 7.20.1
• 7.21.0
• 7.21.1
• 7.21.2
• 7.21.3
• 7.21.4
• 7.21.5
• 7.21.6
• 7.21.7
• 7.22.0
• 7.23.0
• 7.23.1
• 7.24.0
• 7.25.0
• 7.26.0
• 7.27.0
• 7.28.0
• 7.28.1
• 7.29.0
• 7.30.0
• 7.31.0
• 7.32.0
• 7.33.0
• 7.34.0
• 7.35.0
• 7.36.0
• 7.37.0
• 7.37.1
• 7.38.0
• 7.39.0
• 7.40.0
• 7.41.0
• 7.42.0
• 7.42.1
• 7.43.0
• 7.44.0
• 7.45.0
• 7.46.0
• 7.47.0
• 7.47.1
• 7.48.0
• 7.49.0
• 7.49.1
• 7.50.0
• 7.50.1
• 7.50.2
• 7.50.3
• 7.51.0
• 7.52.0
• 7.52.1
• 7.53.0
• 7.53.1
• 7.54.0
• 7.54.1
• 7.55.0
• 7.55.1
• 7.56.0
• 7.56.1
• 7.57.0
• 7.58.0
• 7.59.0
• 7.60.0
• 7.61.0
• 7.61.1
• 7.62.0
• 7.63.0
• 7.64.0
• 7.64.1
• 7.65.0
• 7.65.1
• 7.65.2
• 7.65.3
• 7.66.0
• 7.67.0
• 7.68.0
• 7.69.0
• 7.69.1
• 7.70.0
• 7.71.0
• 7.71.1
• 7.72.0
• 7.73.0
• 7.74.0
• 7.75.0
• 7.76.0
• 7.76.1
• 7.77.0
• 7.78.0
• 7.79.0
• 7.79.1
• 7.80.0
• 7.81.0
• 7.82.0
• 7.83.0
• 7.83.1
• 7.84.0
• 7.85.0
• 7.86.0
• 7.87.0
• 7.88.0
• 7.88.1
• 8.0
• 8.0.0
• 8.0.1

License

• open-source

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Discussion